Combined, the OneTrust modules automate and support the following Provident initiatives: privacy impact assessments, personal data breach notification processes, third-party supplier due diligence, transfers outside of the EEA, retention schedule changes, legitimate interest assessments, individual rights, records of processing, as well as weekly and monthly reports.
Making OneTrust an integral part of business operations
To roll out the OneTrust platform, Provident hired Tara Halfpenny as its Data Protection Analyst and to serve as the chief subject matter expert for OneTrust within the business. In this role, Tara supports each of Provident’s divisional and group Data Protection Officers, as well as the divisional and Group CISOs in ensuring the OneTrust platform meets each business’ needs and demonstrates accountability and compliance under the GDPR and other regulatory obligations.
“Although I work across the whole business to support individuals in their daily use of OneTrust, there are also core teams that are higher-level users of the platform,” said Halfpenny. “These teams have more needs and requirements to help with their own accountability and compliance under the GDPR and other regulatory bodies.”
For example, Provident’s procurement team uses OneTrust VendorpediaTM as a central repository for all the information they hold on vendors and third-parties. The platform adds value to Provident’s vendor inventory, enabling faster assessment with risk mitigation workflows, ongoing monitoring, and powerful reporting to manage the entire vendor engagement lifecycle, from onboarding to offboarding.
Additionally, Provident has a dedicated Subject Rights Request team that works with the wider business to collect information in the OneTrust platform to help support customer and employee data subject access requests.
To learn how Provident Financial Group implemented OneTrust to power third-party risk management, read the Vendorpedia case study.